Commit Graph

416 Commits

Author SHA1 Message Date
Ben Grande
1b2f1ba941
fix: avoid operand evaluation as argument
Explicit end option parsing as the shell can be quite dangerous without
it.
2024-08-06 17:13:25 +02:00
Ben Grande
e42950376a
fix: SSH clients misses Qubes network integration
Although the dev qube doesn't need it as it use a TCP proxy, every
normal SSH setup requires it.
2024-07-25 21:23:19 +02:00
Ben Grande
2b7f555494
fix: exclude Whonix qubes by distribution feature
The feature is more reliable than the whonix-updatevm tag as the tag can
be deleted for other Whonix tags to take effect to target different
gateways, which is the case for the Bitcoin formula.
2024-07-25 20:38:35 +02:00
Ben Grande
f8aa555da8
fix: clean Signal and Browser dependencies
- libgtk4-1 is not used by Signal and now it declares the libgtk3-0
  as a dependency;
- Zenity is not needed as a file manager once Thunar is used;
- ATK is installed for Signal but not for any apps, remove until there
  is a shared formula or pillar to install accessibility tools; and
- Ayatana AppIndicator for tray widget. Signal tray widget is buggy,
  sometimes quitting doesn't quit and there is no configuration option
  to start the tray, only command-line option. Because of these reasons,
  not enabling the tray bar was chosen.
2024-07-19 15:30:19 +02:00
Ben Grande
95a184d1a9
fix: change directory to repository top level 2024-07-19 15:29:17 +02:00
Ben Grande
5d6a50c286
fix: add media appmenus 2024-07-19 15:28:56 +02:00
Ben Grande
3b6901b5d2
fix: remove broken Signal firewall rules
As NFTables converts domain names to IPs on the first query, it is not
possible to depend on it to have a stable connection. Implementing a DNS
proxy configuration might still be difficult due to the use of CDNs.
2024-07-18 16:18:36 +02:00
Ben Grande
e00ef4277c
fix: remove unnecessary USB proxy for audio client
Selecting the output and input device in the AudioVM using a GUI audio
manager such as Pavucontrol or Easyeffects to the connected USB device
is enough to make audio work. USB audio devices should not be connected
to audio clients.
2024-07-18 15:50:48 +02:00
Ben Grande
2802f2a20e
doc: prefer journalctl parameters over pipes 2024-07-18 15:41:09 +02:00
Ben Grande
3cae8df1d7
doc: add global guivm property
For: https://github.com/ben-grande/qusal/issues/89
2024-07-18 15:24:10 +02:00
Ben Grande
c7b0139a85
fix: remove unused codespell directive 2024-07-18 15:21:10 +02:00
Ben Grande
735b324821
feat: add GUI domain formula
For: https://github.com/ben-grande/qusal/issues/89
2024-07-18 15:19:38 +02:00
Ben Grande
fa11a1da7f
fix: lint all Salt file extensions 2024-07-18 12:23:38 +02:00
Ben Grande
f5fe9737a2
fix: add icons to remmina toolbar 2024-07-16 16:59:04 +02:00
Ben Grande
43aaaff352
fix: update dotfiles module 2024-07-16 16:58:34 +02:00
Ben Grande
5043e7b7d2
fix: correct easyeffects desktop application name 2024-07-15 18:31:51 +02:00
Ben Grande
a36de84155
fix: update dotfiles module 2024-07-15 18:13:54 +02:00
Ben Grande
409ac73e73
feat: add appmenus to audio applications 2024-07-15 18:03:08 +02:00
Ben Grande
a713cef2a0
fix: stop parse options on double dashes 2024-07-15 11:07:27 +02:00
Ben Grande
cf432651b3
fix: shell syntax typos 2024-07-15 10:08:19 +02:00
Ben Grande
04d1aaf63e
feat: find PGP keys from within the linter
- Find PGP keys using the same methods as other scripts;
- Lower threshold to 30 days by default;
- Add environment variable to set threshold;
- Add colors to distinguish expired from expires soon; and
- Add days until key expiration when it is below threshold.
2024-07-11 15:29:57 +02:00
Ben Grande
7a0fac1dbb
feat: add pylint configuration file 2024-07-10 17:03:56 +02:00
Ben Grande
4239032cfc
fix: uniform lint scripts name 2024-07-10 15:06:11 +02:00
Ben Grande
155eaa8622
fix: update RPM Specs 2024-07-10 15:04:09 +02:00
Ben Grande
224312ed42
feat: enable all optional shellcheck validations
Make shell a little bit safer with:

- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase

Although there are some stylistic decisions for uniformity:

- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
2024-07-10 14:36:05 +02:00
Ben Grande
011a71a36d
style: limit line length per file extension
Editorconfig can only act based on file extension and path, not
attributes, it remains a mean only for multiple collaborators to use the
same configuration on their editor. When it is too restrictive, such as
not considering the file syntax, use a lint tool for the specific file
type instead of trusting editorconfig. Changes were made to increase
readability.
2024-07-09 17:42:07 +02:00
Ben Grande
2d0bf9784d
fix: update dotfiles RPM Spec 2024-07-08 20:14:42 +02:00
Ben Grande
28c298d6f4
fix: add Python indentation to editorconfig 2024-07-08 20:11:44 +02:00
Ben Grande
10c0ea0cbf
chore: editorconfig check 2024-07-08 19:59:53 +02:00
Ben Grande
6eb13fa07f
ci: reproducible license sort 2024-07-08 19:10:14 +02:00
Ben Grande
49fb82a177
ci: show license sort order 2024-07-08 18:55:24 +02:00
Ben Grande
ca143746b9
ci: show environment 2024-07-08 18:42:46 +02:00
Ben Grande
6e6c7b452f
ci: escape special sed character 2024-07-08 18:34:41 +02:00
Ben Grande
f30e5e11a9
build: dictionary sort licenses names
GHA can sort differently than local.
2024-07-08 18:20:12 +02:00
Ben Grande
0f6aa34a89
test: show RPM Spec differences on status check 2024-07-08 18:00:01 +02:00
Ben Grande
c06e4311f9
ci: generate reproducible RPM Spec macros 2024-07-08 17:42:47 +02:00
Ben Grande
523bca2327
fix: conform files to editorconfig specification 2024-07-08 17:26:34 +02:00
Ben Grande
89a4ea8073
ci: show all errors by continuing on error 2024-07-08 17:17:16 +02:00
Ben Grande
4a56d535ca
ci: checkout before reading dependencies file 2024-07-08 17:11:12 +02:00
Ben Grande
67c8c78426
ci: lint editorconfig checker 2024-07-08 17:08:12 +02:00
Ben Grande
0e150382e1
ci: check if RPM Specs are up to date 2024-07-08 15:21:49 +02:00
Ben Grande
85635f305d
build: update RPM Specs 2024-07-08 11:42:13 +02:00
Ben Grande
f60077f1a9
doc: spell check 2024-07-08 11:41:45 +02:00
Ben Grande
077b9b4e5e
ci: lint YAML and spell check code 2024-07-08 11:12:38 +02:00
Ben Grande
ab044c15b1
feat: bump Pi-Hole version
Many of the Pi-Hole releases of this year were made due to security
vulnerabilities. None of them are to concern to Qusal users.

- GHSA-jg6g-rrj6-xfg6: Requires authenticated user;
- GHSA-95g6-7q26-mp9x: Requires authenticated user; and
- GHSA-3597-244c-wrpj: Requires shell in the same qube running Pi-Hole.

The admin interface is only allowed through localhost, therefore only
sys-pihole and sys-pihole-browser qubes have access to it, blocked by
firewall (nftables) and HTTP server (lighttpd). Qubes with access to the
admin interface are not of a concern, we assume that every qube that has
access to the admin interface is trusted, therefore, only if a qube
doesn't have access to the admin interface and can gain access, it
becomes a concern, which hasn't happened.
2024-07-07 15:26:52 +02:00
Ben Grande
bb722faba4
Revert "ci: use action major version"
This reverts commit 8721ff184a.

GitHub Action version syntax is not support for all actions such as
pre-commit.
2024-07-07 15:25:23 +02:00
Ben Grande
a2fff01867
fix: remove unimplemented policy creation
Fixes: https://github.com/ben-grande/qusal/issues/91
2024-07-07 15:19:20 +02:00
Ben Grande
8721ff184a
ci: use action major version
Using action major version guarantees using the latest action version
while not having to constantly modify the patch and minor version.
2024-07-06 22:31:51 +02:00
Ben Grande
8604887c66
feat: unify cacher tag list to a single script 2024-07-06 22:30:36 +02:00
Ben Grande
35fa43dadf
perf: make pre-commit hooks pass file extensions
- shell-lint: faster evaluation of shell scripts, hook 40% faster;
- *-lint: unify method to find the "find" utility; and
- pre-commit: pass file extensions to lint tools.
2024-07-06 22:25:54 +02:00